How
bloody wonderful. Someone tried to
crack my box today.
It all happened around 4:30PM. I was feeling tired for some reason, and decided to doze off on my bed. No sooner than I had just layed down, when macaroni (My little Linux box) beeped out of the PC speaker. At first, I didn't think it was bad; my friend likes to telnet in from time to time and wall messages to me. No problem, I thought.
I looked at the walled message, and it was from syslogd@localhost. All the message said was "localhost". I found this quite odd, so I decided to fire up IRC to ask questions while I went over the /var/log/messages reel.
Within messages, I quickly noticed a rather largish amount of ugly characters around the point in time where it beeped. Not cool, I thought to myself. Very not cool.
A quick trip to #everything, as well as explaining what was going on, got a quick reply from nutate. His basic response boiled down to his last statement: "Game over, man!"
A check in netstat backed this up. I suddenly had all these connections to places I had NO idea of. After leaving #everything with the very informative message "oh, shit", I yanked the ethernet cable that hooked me back to the outside world.
Running on nutate's advice that "your box is a playground", and getting advice from resc, I dove headfirst into inetd.conf and started whacking services left and right. No more login, shell, all that. All what's open is http and ftp. Not trusting telnet anymore. Looking around, I also killed off linuxconf, sendmail, and a few other choice juicy tidbits.
I should head off to xoom.com (Where the IP of the attack traced back to), see if I can find their abuse address, and send out the log. Someone needs to be shot.
ADDED TO THE MP3 PLAYLIST TODAY: 99 Luftbaloons, Nena (German version); Da Da Da, Trio (German Version); Sledgehammer, Peter Gabriel. (Also downloaded 99 Red Balloons by Nena, but that's not in the list)